Podcast
Questions and Answers
What is the most significant direct impact of the vulnerability discovered by Wendy on her network?
What is the most significant direct impact of the vulnerability discovered by Wendy on her network?
- Attackers may eavesdrop on network communications.
- Automated attacks are more likely to succeed.
- Attackers may use this information to gain administrative privileges. (correct)
- Encryption will not protect credentials for this account.
Which technique is the most effective way to carry out a domain hijacking attack?
Which technique is the most effective way to carry out a domain hijacking attack?
- Network eavesdropping
- ARP poisoning
- DNS poisoning (correct)
- Social engineering
Which character is the most important to restrict when performing input validation to protect against XSS attacks?
Which character is the most important to restrict when performing input validation to protect against XSS attacks?
- $
- < (correct)
- !
- '
Darren visited a phishing site designed to look like a legitimate banking site after typing the bank's URL. What type of attack is likely taking place?
Darren visited a phishing site designed to look like a legitimate banking site after typing the bank's URL. What type of attack is likely taking place?
Which technology must be enabled on a wireless network for a Pixie Dust attack to succeed?
Which technology must be enabled on a wireless network for a Pixie Dust attack to succeed?
What type of attack is most productive when a website requires complex passwords?
What type of attack is most productive when a website requires complex passwords?
What type of attack likely occurred when Vivian noticed millions of connection attempts from systems around the world that were never completed?
What type of attack likely occurred when Vivian noticed millions of connection attempts from systems around the world that were never completed?
Which attack against Bluetooth technology allows the attacker to steal information from the device?
Which attack against Bluetooth technology allows the attacker to steal information from the device?
What is the most dangerous consequence of a buffer overflow attack?
What is the most dangerous consequence of a buffer overflow attack?
Which of the following would not be considered an OSINT tool?
Which of the following would not be considered an OSINT tool?
What cryptographic attack may be used to find collisions in a hash function?
What cryptographic attack may be used to find collisions in a hash function?
Which is not a likely consequence of system sprawl?
Which is not a likely consequence of system sprawl?
Which control would best protect Bob's service from an attack by Mal?
Which control would best protect Bob's service from an attack by Mal?
What is the primary issue that Charlie needs to address regarding the Windows XP systems?
What is the primary issue that Charlie needs to address regarding the Windows XP systems?
What type of attack is most likely taking place when an end user trying to visit a banking website sees an error message?
What type of attack is most likely taking place when an end user trying to visit a banking website sees an error message?
During a security review, Terry identified a system using the RC4 cipher with a 40-bit key to protect communications over Remote Desktop Protocol. What weakness does this pose?
During a security review, Terry identified a system using the RC4 cipher with a 40-bit key to protect communications over Remote Desktop Protocol. What weakness does this pose?
What distinguishes a Birthday attack from other cryptographic attacks?
What distinguishes a Birthday attack from other cryptographic attacks?
What should Val do regarding the self-signed certificates?
What should Val do regarding the self-signed certificates?
What does the MX record identify?
What does the MX record identify?
How should Gina address the vulnerabilities related to port 3389?
How should Gina address the vulnerabilities related to port 3389?
What type of attack is indicated in scenario 30.D?
What type of attack is indicated in scenario 30.D?
What is the purpose of SOA records in DNS?
What is the purpose of SOA records in DNS?
What action is recommended for certificates used by external users?
What action is recommended for certificates used by external users?
Which feature is typically not supported by mobile device management solutions?
Which feature is typically not supported by mobile device management solutions?
In a round-robin load balancing scenario, which server will receive the next request after Server A?
In a round-robin load balancing scenario, which server will receive the next request after Server A?
What command-line utility can Ben use to identify active network connections and services listening on a Linux system?
What command-line utility can Ben use to identify active network connections and services listening on a Linux system?
How did the system receive the IP address shown in the ipconfig output?
How did the system receive the IP address shown in the ipconfig output?
What type of VPN is Tim planning to deploy based on the high-level diagram provided?
What type of VPN is Tim planning to deploy based on the high-level diagram provided?
To protect the password file for his service, what can Vince do?
To protect the password file for his service, what can Vince do?
Flashcards are hidden until you start studying
